Does not handle certain files (notepad.exe) due to Forwarded functions/GOT/PLT?

[bnet-aaron-martin]

Certain programs will not load (eg. crash).
However, what is interesting is if you use the address returned from LoadLibraryA("...notepad.exe"), and then treat that memory as the file you mapped (or fopen/read in, whatever), it works.

Many PE loaders have this issue... LoadLibrary is doing some kind of fixup-magic .

[aaaddress1]

could you give a reproductive example to test for sure? or this project crash on notepad.exe (win10+?). and what's your meaning of certain files, is catalog signed?

[frkngksl]

I guess he tried to say that I cannot load the Windows executables. I am encountering the same situation. On Windows 10 Build 19042, I couldn't load notepad.exe. First, I thought that notepad is not a console application and it uses different subsystem, but then I tried whoami.exe, but it didn't work too.

[YourDaddyIsHere]

I just encounter the same situtation...
It works well for some exe, but crash silently on other exe files.
I use debugger to do some dig-ins and I find out that the program correctly go into the entrypoint of the target exe (with correct arguments), but it later encounters some exceptions (e.g. access violation).

And yes, I try multiple loaders in github and... they all crash on some exe files (but those exe files works well after being packed by upx and themida).

@bnet-aaron-martin
I try to use loadlibraryA to replace my fopen+PEloader and other stuffs... and it crashes...could you show the codes to demonstrate how you use LoadlibraryA to play with the loader? I doubt that I am not using LoadlibraryA in the way you indicate...
BTW, I think when we use LoadLibraryA to load an exe file, the IAT will not be correctly modified, that means any call to imported function will cause a crash.